
Honeypotting might make you bubba’s new honey… in prison


Honeypotting is the practice of setting up a server or network device (a "honeypot") on your network whose sole purpose is to attract and trap would-be cr/hackers. The idea is that you can set up traps to bust folks, plus hopefully lure hackers away from attempting to crack other vital systems. The problem is that in doing so, you may be breaking the law. Yes, as insane as it may sound, attempting to protect your network in this way may tread on the legalities of the "interception of communications" rules of the Federal Wiretap Act. One way to keep it legal is to make sure that all people interacting with the honeypot realize that it is being monitored, that is, that they "consent" to being monitored. Wow, what a brilliant solution. "Dear User. This is a honeypot. We are watching you. Please continue to hack. Thanks." OK? It gets worse.

The consent exemption might apply without a banner if a court determines that the honeypot itself is one of the "parties" to the communication, Salgado [senior counsel for the Department of Justice's computer crime unit] said. But that goes out the window -- or at least becomes more legally complicated -- the moment the hacker uses the honeypot to connect to another machine, or sets up a chat system on the box. Now the honeypot operator is intercepting communications between two or more parties. "Those kinds of situation become problematic."

Now, mind you, if your production servers were being hacked, and you were monitoring them, then that's fine. The problem is that you apparently cannot justify monitoring someone who is hacking a server that you designed to attract hackers. So, to justify the monitoring, you need a non-honeypot system to be attacked, kind of defeating the purpose of the honeypot in the first place.


Ken Fisher
Ken is the founder & Editor-in-Chief of Ars Technica. A veteran of the IT industry and a scholar of antiquity, Ken studies the emergence of intellectual property regimes and their effects on culture and innovation. Email: ken@arstechnica.com // Twitter: @kenfisher